Overview

overview

10

Static

static

10

JaffaCakes...83.exe

windows7-x64

10

JaffaCakes...83.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_50ae7ef897a0f22391010450c33e5283

  • Size

    125KB

  • Sample

    250305-f2w61szpw5

  • MD5

    50ae7ef897a0f22391010450c33e5283

  • SHA1

    213992af1eeea4361d9dbdded01faee3d0a30a7b

  • SHA256

    70adde8db316d8e62f0f04537083641d0d7a257c6b19e1fc9bae0c1a9635b8d1

  • SHA512

    994c70d3f3ec51851827b4cb1c3b103ef85c9835fa574ddbb5440c8329bf06972623c539a55d8a8616d36d97aa02820bcc7c17f417fbbc23eba912e81d0a9489

  • SSDEEP

    3072:zS3i7bVEnOQ5UP6hKRXuS6S9L3e2ta2OMdj3Kx8o1:zSKVEnOQ5UyhZK973aodj6d

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_50ae7ef897a0f22391010450c33e5283

    • Size

      125KB

    • MD5

      50ae7ef897a0f22391010450c33e5283

    • SHA1

      213992af1eeea4361d9dbdded01faee3d0a30a7b

    • SHA256

      70adde8db316d8e62f0f04537083641d0d7a257c6b19e1fc9bae0c1a9635b8d1

    • SHA512

      994c70d3f3ec51851827b4cb1c3b103ef85c9835fa574ddbb5440c8329bf06972623c539a55d8a8616d36d97aa02820bcc7c17f417fbbc23eba912e81d0a9489

    • SSDEEP

      3072:zS3i7bVEnOQ5UP6hKRXuS6S9L3e2ta2OMdj3Kx8o1:zSKVEnOQ5UyhZK973aodj6d

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks